Stop exposing Apache Http Client 3 in XWiki Standard API

Issue created

Thomas Mortagne created this issue on 19/Nov/25 10:50

Summary:	Stop exposing Apache Http Client 3 in XWiki Standard API
Issue Type:	Bug
Affects Versions:	16.10.13
Assignee:	Unassigned
Components:	Old Core
Created:	19/Nov/25 10:50
Priority:	Major
Reporter:	Thomas Mortagne
Description:	Apache HTTP Client 3 is exposed publicly in XWiki#getHttpClient which is both wrong in general and made even worst because this library has a serious vulnerability.

Changes by Thomas Mortagne on 19/Nov/25 10:50

Fix Version:	17.0.0-rc-1
Fix Version:	16.10.15
Fix Version:	17.4.8
Documentation in Release Notes:	https://www.xwiki.org/xwiki/bin/view/ReleaseNotes/Data/XWiki/17.10.0RC1/#HApacheHttpClient3isnotincludedinXWikiStandardanymore
Documentation:	N/A
Assignee:	Thomas Mortagne
Resolution:	Fixed
Status:	Open Closed

This message was sent by Atlassian Jira (v9.3.0#930000-sha1:287aeb6)

If image attachments aren't displayed, see this article.